Video

Watch the video to see AppCheck's proactive defense, automatic recovery, and real-time backup features at work against a variety of ransomware.

  • Distribution Method : Mail attachment
 
  • MD5 : ba6ed06e4b5cc53fc71746ec4be4a419
 
  • Major Detection Name : Trojan.Ransom.AutoCryptor (ALYac), Ransom/W32.Blocker.302080 (nProtect)
 
  • Encrypted File Pattern : No Change
 
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Roaming\UpdateServices.exe
 
  • Payment Instruction File : THIS_YOU_MUST_READ.txt
 
  • Major Characteristics :
         - Targets Korean users
         - Executes the ransomware using Event Viewer (eventvwr.msc)
         - Disables system restore (vssadmin.exe delete shadows /ALL /Quiet)
         - Hinders file recovery using the "C:\Windows\System32\cmd.exe" cipher /w:<Drive Letter> command
         - Delivers the encryption guide using the Text-to-Speech (TTS) function
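
The behaviours listed above map onto process-creation detections. The following is an added example, not part of the original page or of AppCheck: it runs four rules over constructed sample events. The event field names (`image`, `command_line`, `parent_image`), the `/c` switch in the sample command line, and the reading of "execution using Event Viewer" as eventvwr.exe parenting a non-MMC process are assumptions.

```python
import re

# Command-line patterns for behaviours in the "Major Characteristics" list.
CMD_RULES = {
    "shadow_copy_delete": re.compile(r'vssadmin(\.exe)?"?\s+delete\s+shadows', re.I),
    "free_space_wipe": re.compile(r'\bcipher(\.exe)?"?\s+/w:[a-z]', re.I),
}
# Drop location from the page, with %UserName% generalised to any profile.
PAYLOAD_PATH = re.compile(r"^[a-z]:\\Users\\[^\\]+\\AppData\\Roaming\\UpdateServices\.exe$", re.I)

def classify(event):
    """Return the sorted rule names matched by one process-creation event."""
    hits = set()
    cmd = event.get("command_line", "")
    image = event.get("image", "")
    parent = event.get("parent_image", "")
    for name, pattern in CMD_RULES.items():
        if pattern.search(cmd):
            hits.add(name)
    if PAYLOAD_PATH.match(image):
        hits.add("payload_in_roaming")
    # Assumption: "execution using Event Viewer" shows up as eventvwr.exe
    # parenting something other than the MMC host it normally starts.
    if parent.lower().endswith("\\eventvwr.exe") and not image.lower().endswith("\\mmc.exe"):
        hits.add("eventvwr_unexpected_child")
    return sorted(hits)

def triage(events):
    """Map the index of each flagged event to its rule hits."""
    return {i: h for i, e in enumerate(events) if (h := classify(e))}

# Constructed sample events (not captured from a real infection).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mmc.exe",
     "command_line": r'"C:\Windows\System32\mmc.exe" "C:\Windows\System32\eventvwr.msc"',
     "parent_image": r"C:\Windows\System32\eventvwr.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\UpdateServices.exe",
     "command_line": r"C:\Users\alice\AppData\Roaming\UpdateServices.exe",
     "parent_image": r"C:\Windows\System32\eventvwr.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin.exe delete shadows /ALL /Quiet",
     "parent_image": r"C:\Users\alice\AppData\Roaming\UpdateServices.exe"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\System32\cmd.exe" /c cipher /w:C',
     "parent_image": r"C:\Users\alice\AppData\Roaming\UpdateServices.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin list shadows"},
]
```

Calling `triage(SAMPLE_EVENTS)` flags events 1 to 3 and leaves the legitimate Event Viewer launch and the read-only `vssadmin list shadows` call unflagged.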
